small tun(4) improvement

Gleb Smirnoff glebius at freebsd.org
Fri Oct 15 00:26:32 PDT 2004


On Thu, Oct 14, 2004 at 04:23:42PM -0700, Julian Elischer wrote:
J> yes I know, that's how we wrote divert.. (to be independent)  netgraph 
J> came later..
J> I guess we would have done divert differently if we had done netgraph 
J> first..
J> probably would have given ipfw a "hook" command that sent
J> packets out a netgraph hook to whatever was attached.. hmm that could 
J> still be really useful...

I have a snap code doing this. I have temporarily abandoned that node
because I can't imagine a way to put packets back to ipfw.
ipfw is a function, which processes a packet and returns. netgraph may
queue packets. How can it inject them back into ipfw, so that
1) it is checked from the next rule, not the first
2) it will be returned to ip_(input|output) ?

J> a netgraph NAT module anyone?

In far plans. First we need to solve the above problem with ipfw
and netgraph interaction.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

